Download the latest JNO-636 dumps pdf to pass your exam successfully 


Exam : JNO-636 


Title : Security,Professional 
(JNCIP-SEC) 


https://www.passcert.com/JN0-636.html 


Download the latest JNO-636 dumps pdf to pass your exam successfully 


1.Exhibit 


FA Exhibit 


Ss 46:17 17:46: 17 317016: Gaal 
O02:RT: flow first policy search: ill = alii fxom| zone: trust-> zone dmz 
(0x0, Oxfe6b0016, 0x16) | 
| Apr 13 17:46:17 17:46:17.317013: ‘CIDA O- ‘THREAD | lID+O1:RTPolicy lkup: vsys Q 
zone(8:trust) -> zone(9:dmz) scope:!0)))|/) Hh $ 
| Apr 13 17:46:17 17:46:17.317020:CcID-0: THREAD ID-01:RPs) 10).10).101.10/65231L -> 
10.10.102.1/22 proto 6 
Aer 13 17:46:17 17:46:17.317031:Crn-+0:THREAD! TD-O1:RT:! permitted by policy 
trust—to-dmz(8) 
Apr 13 17:46:17 17:46:17.317031:CID-O: THREAD ID-01:RT: packet passed, 
Permitted by policy. 
Apr 13 17:46:17 17:46:17.317038:CID-O:THREAD_ID-Ol:RT: choose interface ge- 
0/0/S.0(P2P) as outgoing phy if 
Apr 13 17:46:17 17:46:17. iene ae ii usa ane Found: loop 


on ifp ge-0/0/5.0, addr: 10.10.102.1,, rtt idx: 0 addr type: 0x3. 

Apr 13 17:46:17 17:46:17.317044:CID-0: THREAD TD- 

01:RT: flow _first_loopback check: Setting) interface: qe-70/0/S.0 as loop ifp. 
Apr 13 17:46:17 17:46:17.317213:CID-O;THREAD IDFA; RT]; 


flow fixrst_create_session 

Apr 13 17:46:17 17:46:17.3172195:CID-70:THREAD_IDTOL: RT: flow, first_in_dst_nat: 

0/0/5.0 es incoming nat if. 

| call flow_route_lookup(): src ip 1010100, xl dst ip 10.10.102.1, in ife 
ge-0/0/5.0, out ifp N/A sp 65131, |dp) 22),) ibl proto] 6, tos) 0 

| Apr 13 17:46:17 17:46:17.317227:CID70:THRBAD ID-01:RT: routed (x _dast_ip 

| ł20.10.102.1) from dmz: (ge-0/0/5).0 in 0) te) |\tocal! 0} Next-hop: 10.10.102. 

| Apr 13 17:46:17 17:46:17.317228:CID-—0: THREAD ID- 
O1:RP: flow first_policy search: policy search from zone dmz-> zone junos—host 
(0x9, Oxfe6b0016, 0x16) 
Apr 13 17:46:17 17:46:17.317230:.CID-0: THREAD ID-Ol:RT:Policy: lkup: vsys 0 
zone (9:dmz) -> zone(2:junos-host) scope:0 
Apr 13 17:46:17 17:46:17.317230:CID-O: THREAD [D-O2:RT: 10.10.101.10/6S131 -> 
10.10.1202.1/22 proto 6 
Apr 13 17:46:17 17:46:17.317236:CID-0;: THREAD ID-01:RT: packet dropped, denied 
by policy 
Apr 13 17:46:17 17:46:17.317237:CID-O: THREAD IDrO01:RT: denied by policy deny- 
ssh(9), dropping pkt 
Apr 13 17:46:17 17:46:17.317237:CID-O:THREAD_FDrOL: RT: packes dropped, policy 
deny. 


You are using traceoptions to verify NAT session information on your SRX Series device. Referring to the 
exhibit, which two statements are correct? (Choose two.) 

A. This is the last packet in the session. 

B. The SRX Series device is performing both source and destination NAT on this session. 

C. This is the first packet in the session. 

D. The SRX Series device is performing only source NAT on this session. 

Answer: A,B 
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(4ait) security! pollicies||from-zone)|trust)/|toqzone//untrust) policy Adaptive=Threat— 
Profiling) 
usexrGSRxX-1# show 
match: { 

source—-address any; 

destination—address) any; 

application) any; 

dynamic-application)||{) junos:web:proxy junos:web:anonymizer j); 
} 
then { 

reject { 

applicationnservices) { 
securityrintellagence { 
acdd-sourcerip-to-feed { 
Suspicious: Endpoints; 


} 


Referring to the exhibit, which two statements are true? (Choose two.) 

A. The 3uspicious_Endpoint3 feed is only usable by the SRX-1 device. 

B. You must manually create the suspicious Endpoint3 feed in the Juniper ATP Cloud interface. 

C. The 3uspiciou3_Endpoint3 feed is usable by any SRX Series device that is a part of the same realm as 
SRX-1 

D. Juniper ATP Cloud automatically creates the 3uopi'cioua_Endpoints feed after you commit the security 
policy. 

Answer: A,C 


3.You are required to deploy a security policy on an SRX Series device that blocks all known Tor network 
IP addresses. 

Which two steps will fulfill this requirement? (Choose two.) 

A. Enroll the devices with Juniper ATP Appliance. 

B. Enroll the devices with Juniper ATP Cloud. 

C. Enable a third-party Tor feed. 

D. Create a custom feed containing all current known MAC addresses. 

Answer: A,D 


4.You are not able to activate the SSH honeypot on the all-in-one Juniper ATP appliance. 

What would be a cause of this problem? 

A. The collector must have a minimum of two interfaces. 

B. The collector must have a minimum of three interfaces. 

C. The collector must have a minimum of five interfaces. 

D. The collector must have a minimum of four interfaces. 

Answer: D 

Explanation: 
https://www.juniper.net/documentation/en_US/release-independent/jatp/topics/task/configuration/jatp-traff 
ic-collectorsetting-ssh-honeypot-detection.html 
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(edit eee 
user@srx# show jf i H NH 
ike-policy advupn-policy; HR 
address 192.168.3.1; ity 
local-identity distinguished-name; 

lremote-identity distinguished-name container O=Juniper; 
external—interface ge-0/0/3.0; 

version: v2-only; 

[edit interfaces] 

userGsrx? show st0O 
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unit O f{ 
family inet { 
address 10,1100. 100,1724; 


} 

Referring to the exhibit, a spoke member of an ADVPN is not functioning correctly. 
Which two commands will solve this problem? (Choose two.) 

A) 

(edit: interfaces] 

userĝsrxý set st0.0 multipoint 

B) 

leart Security ike gateway advpn-gateway] 
user@srx? set advpn suggester disable 

C) 

ferite Security ike gateway advpn-qaiteway)) 
user@srx# set local-identity) inet) advpn 

D) 

[edit S@curity)||ike! gateway |iadvon-catevay] 
user@srx¢ set advpn partner disabte 

A. Option A 

B. Option B 

C. Option C 

D. Option D 

Answer: C 


6.You are asked to download and install the IPS signature database to a device operating in chassis 
cluster mode. 

Which statement is correct in this scenario? 

A. You must download and install the IPS signature package on the primary node. 

B. The first synchronization of the backup node and the primary node must be performed manually. 

C. The first time you synchronize the IPS signature package from the primary node to the backup node, 
the primary node must be rebooted. 

D. The IPS signature package must be downloaded and installed on the primary and backup nodes. 
Answer: D 
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7.Which two additional configuration actions are necessary for the third-party feed shown in the exhibit to 
work properly? (Choose two.) 

A. You must create a dynamic address entry with the IP filter category and the ipfilter_office365 value. 

B. You must create a dynamic address entry with the C&C category and the cc_offic365 value. 

C. You must apply the dynamic address entry in a security policy. 

D. You must apply the dynamic address entry in a security intelligence policy. 

Answer: A,C 


8.Exhibit 
user@SRxX> show security flow! TT HA 


Session ID: 4546, Policy name: AC 4), valid 

In: 10.10.10.2/6 --> 10). 10)..20): rani ADi atin ian 0x0), If: stO.0, Pkts: 1, 
Bytes: 84 Í 

Out: 10.20.20.2/1382: --—> 10.10) 10), aye lemp, Shan Tag 9x0, I£: ge-0/0/3.0, 
Pkts: 1, Bytes: 84 | 
Session ID: 4547, Policy name!!! porlicy2/ Sil mMimeguti:isi| Valid 

In: 10.20.20.2/226 --> 10.. 1010:1273 8703iii icmp; Sönn Tag) 0x0, If: ge-0/0/3.0, 
Pkts: 1, Bytes: 84 


Out: 10.10.10.2/38703 -—-> 19),#20.20),/2/'226;,icmp,! Conn Tag Ox0, If: stdO.0, Pkts: 
i, Bytes: 84 
Total sessions: 13 


You are validating bidirectional traffic flows through your IPsec tunnel. The 4546 session represents traffic 
being sourced from the remote end of the IPsec tunnel. The 4547 session represents traffic that is 
sourced from the local network destined to the remote network. 

Which statement is correct regarding the output shown in the exhibit? 

A. The remote gateway address for the IPsec tunnel is 10.20.20.2 

B. The session information indicates that the IPsec tunnel has not been established 

C. The local gateway address for the IPsec tunnel is 10.20.20.2 

D. NAT is being used to change the source address of outgoing packets 

Answer: A 


9.What is the purpose of the Switch Microservice of Policy Enforcer? 
A. to isolate infected hosts 

B. to enroll SRX Series devices with Juniper ATP Cloud 

C. to inspect traffic for malware 

D. to synchronize security policies to SRX Series devices 

Answer: B 
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{edit tenants TSYS1 security) TTT 
user@srx# show Hil 
log { 

mode stream; 
stream TNi_s format binary host 10.3'.54.22 
source address 10.3.45.66 

transport protocol tls 


} 

[edit system security-profile pl) 
userĝsrx# show 

security~log-stream-number reserved 1 
security-log-stream-number) maximum 2 
An administrator wants to configure an SRX Series device to log binary security events for tenant 
systems. 
Referring to the exhibit, which statement would complete the configuration? 
A. Configure the tenant as TSYS1 for the pi security profile. 
B. Configure the tenant as root for the pi security profile. 
C. Configure the tenant as master for the pi security profile. 

D. Configure the tenant as local for the pi security profile 
Answer: B 


